pboyd04
commented
4 years ago Don't know if you still need this or not, but I've got a call in my fork of this project that includes this ability. It's in version 1.2.0
Open joesiltberg opened 4 years ago
pboyd04
commented
4 years ago Don't know if you still need this or not, but I've got a call in my fork of this project that includes this ability. It's in version 1.2.0
joesiltberg
commented
4 years ago Awesome @pboyd04 ! I have an ugly workaround that works for my own needs, but it would be nice to get rid of that.
This was for https://github.com/crewjam/saml/ , I don't know if they'd be interested in changing package. There doesn't seem to be much activity in russellhaering/goxmldsig so perhaps it's a good idea to change to something actively maintained.
Ping @crewjam
When validating a signature, the function verifyCertificate verifies that the certificate hasn't expired. Since we've already verified that the certificate is one we trust, it would be nice if we could as an option skip the check of the certificate's notBefore/notAfter.
I can get around it by setting a fake clock to the cert's notBefore in the validation context (and calling Validate multiple times if there are multiple certificates). But it would be nice if you could set a flag in ValidationContext instead.
For context, see also https://github.com/crewjam/saml/issues/234
Would you consider such a feature? I can provide a PR if you wish.